Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: WTMPX File corrupted
Operating Systems Solaris WTMPX File corrupted Post 302586080 by methyl on Friday 30th of December 2011 05:20:48 AM
Old 12-30-2011
I've tried to avoid mentioning "wtmpfix" because it is a very specific repair tool and not really relevant to this problem. Historically I have run "wtmpfix" every day on a system which was feeding data to a commercial stats package.

I have used "fwtmp" to export a wtmp file for basic repairs following a power fail and a few more times when a computer has been started with the clock set incorrectly or ran out of disc space. I would normally copy the old file and start a new file before attempting any repair. If the length of history actually matters, you can combine the repaired file with the current file. It's easier to have a script which runs "last" on current and saved files.

I don't rely in wtmp for long term "last login" history and prefer keeping a brief rolling history in the users home directory. If fact for me the main use of wtmp is for basic weekly server usage statistics tabulated by IP Network. I also maintain the "btmp" files in parallel and check them automatically for basic hack attempts.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

how to delete entry in file "wtmpx"(/var/adm/wtmpx)

Do someone know how to delete entry(some lines) in file "wtmpx" that command "last" use it. this file is binary so I cannot edit directy. ========================= #last root pts/1 noc Fri Mar 3 22:04 still logged in root pts/1 noc Fri Mar 3 22:01 - 22:02 ... (4 Replies)
Discussion started by: arm_naja
4 Replies

2. UNIX for Dummies Questions & Answers

wtmpx file

Hello everybody: the wtmpx file on my Sol8 machine, got so big (2GB), that my root partition is almost full now, can I empty that file, I read about it that it contains database of user access and auditing, so in case I emptied it will it affect my system?? Thanks alot (3 Replies)
Discussion started by: aladdin
3 Replies

3. Solaris

wtmpx file is too big

Hi, I am using Sun Solaris 5.9 OS. I have found a file called wtmpx having a size of 5.0 GB. I want to clear this file using :>/var/adm/wtmpx. My query is, would it cause any problem to the running live system. Could anyone suggest the best method to clear the file without causing problem to... (6 Replies)
Discussion started by: Vijayakumarpc
6 Replies

4. UNIX for Advanced & Expert Users

wtmpx file is not updating

Hi in my solaris 9 system wmptx file is not updating so it is not recording any login or logout or any other entry. can any one tell me how to solve this problem (0 Replies)
Discussion started by: aaysa123
0 Replies

5. Solaris

wtmpx file

What could possibly happen if wtmpx file got deleted by mistake? Thanks, (8 Replies)
Discussion started by: Pouchie1
8 Replies

6. Solaris

wtmpx corrupted ? fix ...

Hi, saw couple threads about wtmpx corruption, I had this problem on many servers, last command was not working or displaying old output, found good information on a thread on this site and wrote a perl script to fix, thought it might help some people. I found that using wtmpfix I lost many... (0 Replies)
Discussion started by: yannm
0 Replies

7. UNIX for Advanced & Expert Users

Not logging ftp connections in /var/adm/wtmpx file (in last command output)

Hi all, I have F5 load balancer on my system and checking service status by opening an ftp session in every 30 seconds. These ftp sessions are being logged in /var/adm/wtmpx and filling up the file. when i run the last command most of the output is this ftp session. I was wondering if there is a... (1 Reply)
Discussion started by: cepxat
1 Replies

8. Solaris

Something is removing/deleting my wtmpx file?

hi, we have a solaris 10 box that was handled by a different sysadmin before & now it is turned over to us for system administration. our concern is that if we issue the "last" command, it usually says "wtmp begins current day current month date 02:30". just like this "wtmp begins Thu Mar 7... (6 Replies)
Discussion started by: booghaw
6 Replies

9. Solaris

Wtmpx File Permissions Question

Hi all, I have been tasked to change permissions on the wtmpx file to 640. Currently the permissions are at 644. My question is will anything be affected if I change the permissions as shown? Thanks in advance. Derek (2 Replies)
Discussion started by: Derk Berk
2 Replies

10. UNIX for Advanced & Expert Users

Getting information from the wtmpx file

Hi, I tried running the command "last" in the server to check the users that were last logged into the system. However, I get this error : root@csidblog:# last /var/adm/wtmpx: Value too large for defined data type How do I proceed to get this info? I read some forums suggesting to use... (2 Replies)
Discussion started by: anaigini45
2 Replies

LEARN ABOUT MINIX

utmp

UTMP(5) 							File Formats Manual							   UTMP(5)

NAME

       utmp, wtmp - logged in users, login and logout history

SYNOPSIS

       #include <sys/types.h>
       #include <utmp.h>

DESCRIPTION

       The files /etc/utmp and /usr/adm/wtmp respectively contain the currently logged in users, and the history of logins and logouts.

       Each file is an array of the following structure defined in <utmp.h>:

       struct utmp {
	    char	   ut_user[8];	  /* user name */
	    char	   ut_line[12];   /* terminal name */
	    char	   ut_host[16];   /* host name, when remote */
	    time_t	   ut_time;	  /* login/logout time */
       };

       #define ut_name ut_user/* for compatibility with other systems */

       The  structure  contains  more fields than those listed, but they are only of interest to init and login.  Note that the ut_name field is a
       compatibility alias for ut_user, it is actually better to use it.

       A login entry is completely specified.  A logout entry has a null string for ut_name.  A shutdown or reboot entry has an ut_line field con-
       taining	a  "~" (tilde).  The ut_name field is usually the name of the program that did the shutdown, or "reboot" at reboot.  This is a bit
       confusing, but note that there should always be two such entries.  If you see just one entry then the system has crashed, if  you  see  two
       entries then the system was properly shut down and later rebooted.

FILES

       /etc/utmp		Currently logged in users.

       /usr/adm/wtmp		History of logins and logouts.

SEE ALSO

       who(1), ttyslot(3).

AUTHOR

       Kees J. Bot (kjb@cs.vu.nl)

																	   UTMP(5)
All times are GMT -4. The time now is 09:48 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy